Report - www.carifred.com/uvk/UVK.zip

Report Overview

Visited public
2025-02-22 17:28:33
Tags
URL
www.carifred.com/uvk/UVK.zip
Finishing URL
about:privatebrowsing
IP / ASN
74.208.128.80
#8560 IONOS SE
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.carifred.com	unknown	2009-12-04	2012-05-21	2025-02-22	494 B	11 MB	74.208.128.80

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.carifred.com/uvk/UVK.zip
IP
74.208.128.80
ASN
#8560 IONOS SE

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
11 MB (11226174 bytes)
Hash
e0db4c2acef22b747292d9b30a096a44
6f6b98053ed1b16524ef02772867eea167f0101d
5ab30b2bab161865b3a998b46b5584a5a26fee7593ebd21060f145c64e7ff886

Archive (32)

Filename

Md5

File type

BlueScreenView.chm

d130e5001531448871bb8ef10c106b25

MS Windows HtmlHelp Data

BlueScreenView.exe

6126f1221d29712c069ee28ef4186e24

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

readme.txt

acecb7d7af592da7a843ef44b4500818

ASCII text, with CRLF line terminators

cleanup.exe

fca6cbedaee95a32fb37f096294297ea

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

cleanup.ini

1d1e8db5611cb01984b24381978371c1

ASCII text, with CRLF line terminators

msicuu.exe

48a13623c6ed3e8437721e3af6da4a06

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

msicuu_readme.txt

31f061b4053a587c987096ed824eff76

ASCII text, with very long lines (542), with CRLF line terminators

MsiZap.exe

27d4bcc325306b1415a89de550528e04

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

msizapw.exe

27d4bcc325306b1415a89de550528e04

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

readme.txt

cf28fd8623c794542149d7e730e34106

Non-ISO extended-ASCII text, with CRLF line terminators

sigcheck.exe

d49706ab3d9e1a1fe1e0b72d7d0e8559

PE32 executable (console) Intel 80386, for MS Windows, 4 sections

unicows.dll

e1102cedf0c818984c2aca2a666d4c5f

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

wordpad.exe.mui

2cea1bb3daf7ec3bf37be3562fc99088

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

wordpad.exe.mui

706139c35258eb41147bda5207eea946

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

wordpad.exe

dbaa8c214404f59b05a410d20ecf017a

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

WordpadFilter.dll

3f451c410ea50f3c30cefcc4cea7a188

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

7za.exe

42badc1d2f03a8b1e4875740d3d49336

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

AutoItRun.exe

0f0a43c382616c17b659044ea13455dd

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

AutoItRun64.exe

4cc9033d969fef277c6f2a736a90f804

PE32+ executable (GUI) x86-64, for MS Windows, 6 sections

Log analyzer.exe

bc84ecdfbfed2c9901f841036ededc52

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

2Browse.exe

50fdc6d331e1b54d1adfab165aa1dde6

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

RebootExec.exe

ee613576b6bab755b31e3ac2236cc7c6

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

RebootExecx64.exe

bf28d0173c729ff38a8f12d05d8b7b8f

PE32+ executable (GUI) x86-64, for MS Windows, 6 sections

WAU Manager.exe

e2ea4c3311ba70b40f9c09242ffe0fce

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ClearDiskInfo.exe

b1d5999016ed2289d3df60171281a9ad

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

DiskCopy.bat

6ed823b277da7b047f6beda22aa0616b

DOS batch file, ASCII text, with CRLF line terminators

DiskCopy.exe

8b813283df2884a7114397fb32cf007f

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

uvkres.dll

ba0a34e584065dd6d6b0fbdd6ef881df

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

UVK_en.exe

ff8211ad507c10aa97982f0870a6c4c3

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

UVK_en64.exe

28c1c74807ad5ea0ab29ff45eb3dc208

PE32+ executable (GUI) x86-64, for MS Windows, 6 sections

PortableZip.ini

d41d8cd98f00b204e9800998ecf8427e

License.htm

94c8cd4e199f72946aef86fca55a06a6

HTML document, ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
Public InfoSec YARA rules	malware	Identifies compiled AutoIT script (as EXE).
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
Public InfoSec YARA rules	malware	Identifies compiled AutoIT script (as EXE).
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
Public InfoSec YARA rules	malware	Identifies compiled AutoIT script (as EXE).
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
Public InfoSec YARA rules	malware	Identifies compiled AutoIT script (as EXE).
VirusTotal	suspicious	VirusTotal - Scan result 2/66

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.carifred.com/uvk/UVK.zip

74.208.128.80

200 OK

11 MB

URL User Request GET HTTP/2
www.carifred.com/uvk/UVK.zip
IP
74.208.128.80:443
ASN
#8560 IONOS SE

Certificate
IssuerSectigo Limited
Subject*.carifred.com
FingerprintE6:07:E2:9F:EB:D2:E1:18:62:6D:3A:EA:B9:80:F1:9C:61:9A:36:FF
ValiditySun, 06 Oct 2024 00:00:00 GMT - Mon, 13 Oct 2025 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
11 MB (11226174 bytes)
Hash
e0db4c2acef22b747292d9b30a096a44
6f6b98053ed1b16524ef02772867eea167f0101d
5ab30b2bab161865b3a998b46b5584a5a26fee7593ebd21060f145c64e7ff886

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/66

HTTP Headers

GET /uvk/UVK.zip HTTP/1.1
Host: www.carifred.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 22 Feb 2025 17:27:59 GMT
content-type: application/zip
content-length: 11226174
last-modified: Mon, 27 Jan 2025 23:13:54 GMT
etag: "ab4c3e-62cb83ae97449"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (32)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers